This cheatsheet provides a comprehensive, quick-reference guide for configuring, managing, and troubleshooting Aruba Wireless LANs running AOS 8 (Mobility Master/Controller) and AOS 10 (Aruba Central/Gateway) as of December 2025. It covers essential commands, configuration steps, and best practices for enterprise wireless environments.
Quick Reference
| Category | Command/Concept | Description |
|---|---|---|
| System Info | show version | Display software version and uptime. |
show ap database long | View details of all connected Access Points. | |
show users | List connected wireless clients. | |
| Connectivity | ping <IP> | Test network reachability. |
show datapath session table | View active firewall sessions. | |
| WLAN Config | wlan ssid-profile <name> | Create/edit an SSID profile. |
wlan virtual-ap <name> | Create/edit a Virtual AP profile. | |
| Authentication | aaa authentication-server radius <name> | Configure a RADIUS server. |
aaa profile <name> | Create/edit an AAA profile. | |
| Troubleshooting | show log wireless | Display wireless-related logs. |
debug client <MAC> | Enable debug for a specific client. | |
| AOS 10 Specific | show aruba-central | View Aruba Central connectivity status (on Gateway). |
show gateways | List managed Gateways (from Central GUI). |
1. Architecture Overview (AOS 8 vs. AOS 10)
Aruba’s wireless architecture has evolved significantly, with AOS 8 relying on on-premises Mobility Master/Controllers and AOS 10 shifting to a cloud-managed model with Aruba Central and Gateways.
AOS 8 Architecture (Mobility Master & Mobility Controllers)
Explanation: AOS 8 introduces the Mobility Master (MM) as a centralized point for configuration and management of multiple Mobility Controllers (MCs). MCs handle AP termination, client data forwarding, and policy enforcement. This provides a hierarchical, scalable, and resilient architecture.
Components:
- Mobility Master (MM): Centralized configuration, firmware, and licensing for all MCs.
- Mobility Controller (MC): Terminates APs, processes client traffic, enforces policies.
- Access Points (APs): Connect to MCs, provide wireless service.
AOS 10 Architecture (Aruba Central & Gateways)
Explanation: AOS 10 is designed for cloud-native management via Aruba Central. Gateways replace traditional Mobility Controllers, acting as policy enforcement points and data planes, while all configuration and monitoring are done through Aruba Central. This offers simplified operations, global visibility, and AI-powered insights.
Components:
- Aruba Central: Cloud-based management platform for configuration, monitoring, and troubleshooting.
- Gateways (e.g., 9000 Series, 7200 Series running AOS 10): Terminate APs, process client traffic, enforce policies.
- Access Points (APs): Connect to Gateways, provide wireless service.
2. Basic System Configuration
System Information & Status
| Command (AOS 8/10) | Description | Example |
|---|---|---|
show version | Displays software version, build, and uptime. | show version |
show ap database long | Shows detailed information about all provisioned and connected APs. | show ap database long |
show ap active | Lists currently active APs. | show ap active |
show interface brief | Summarizes interface status and IP addresses. | show interface brief |
show ip route | Displays the routing table. | show ip route |
show clock | Shows current system time. | show clock |
show licenses | Displays installed licenses. | show licenses |
show log system | View system logs. | show log system |
Initial Setup (CLI)
// Global Configuration Mode
(host) #configure terminal
// Set hostname
(host) (config) #hostname my-aruba-controller
// Set clock (NTP recommended)
(host) (config) #clock timezone <zone> <offset>
(host) (config) #ntp server <NTP_SERVER_IP>
(host) (config) #ntp enable
// Configure management interface (VLAN 1 example)
(host) (config) #interface vlan 1
(host) (config-if) #ip address <IP_ADDRESS> <NETMASK>
(host) (config-if) #exit
// Configure default gateway
(host) (config) #ip default-gateway <GATEWAY_IP>
// Configure DNS servers
(host) (config) #ip host <DNS_SERVER_IP>
// Save configuration
(host) (config) #write memory
Explanation: Basic setup for network connectivity and time synchronization. Use Case: Initial deployment or post-reset configuration.
3. WLAN (SSID) and VLAN Configuration
SSID Profile Configuration
| Command (AOS 8/10) | Description | Example |
|---|---|---|
wlan ssid-profile <name> | Creates or enters SSID profile configuration mode. | wlan ssid-profile corp-ssid |
essid <SSID_NAME> | Sets the broadcast SSID name. | essid "Corporate WiFi" |
opmode <mode> | Sets the security mode (e.g., wpa2-aes, wpa2-psk-aes, wpa3-sae). | opmode wpa2-aes |
wpa-passphrase <key> | Sets the PSK for WPA/WPA2-PSK. | wpa-passphrase "MySecureKey123" |
dot1x | Enables 802.1X authentication. | dot1x |
vlan <VLAN_ID> | Assigns a static VLAN to the SSID (less common with roles). | vlan 10 |
no broadcast-ssid | Hides the SSID broadcast. | no broadcast-ssid |
Example: WPA2-PSK SSID
(host) (config) #wlan ssid-profile corp-psk-ssid
(host) (ssid-profile "corp-psk-ssid") #essid "Corporate-PSK"
(host) (ssid-profile "corp-psk-ssid") #opmode wpa2-psk-aes
(host) (ssid-profile "corp-psk-ssid") #wpa-passphrase "MySecretPSK!"
(host) (ssid-profile "corp-psk-ssid") #exit
Example: 802.1X SSID
(host) (config) #wlan ssid-profile corp-dot1x-ssid
(host) (ssid-profile "corp-dot1x-ssid") #essid "Corporate-802.1X"
(host) (ssid-profile "corp-dot1x-ssid") #opmode wpa2-aes
(host) (ssid-profile "corp-dot1x-ssid") #dot1x
(host) (ssid-profile "corp-dot1x-ssid") #exit
Virtual AP Profile Configuration
The Virtual AP (VAP) profile links the SSID, AAA, and RF profiles to an AP group or specific AP.
| Command (AOS 8/10) | Description | Example |
|---|---|---|
wlan virtual-ap <name> | Creates or enters VAP profile configuration mode. | wlan virtual-ap corp-vap |
ssid-profile <ssid_name> | Links an SSID profile. | ssid-profile corp-dot1x-ssid |
aaa-profile <aaa_name> | Links an AAA authentication profile. | aaa-profile corp-aaa-profile |
vlan <VLAN_ID> | Sets the default VLAN for clients on this VAP (can be overridden by roles). | vlan 20 |
forward-mode <mode> | Sets the data forwarding mode (tunnel, decrypt-tunnel, bridge). | forward-mode tunnel |
band <band> | Specifies which radio band (e.g., all, a, g) this VAP operates on. | band all |
Example: Virtual AP for Corporate Network
(host) (config) #wlan virtual-ap corp-vap
(host) (virtual-ap "corp-vap") #ssid-profile corp-dot1x-ssid
(host) (virtual-ap "corp-vap") #aaa-profile corp-aaa-profile
(host) (virtual-ap "corp-vap") #vlan 20
(host) (virtual-ap "corp-vap") #forward-mode tunnel
(host) (virtual-ap "corp-vap") #exit
AP Group Configuration (AOS 8)
AP groups allow applying configurations to multiple APs simultaneously.
(host) (config) #ap-group <group-name>
(host) (ap-group "group-name") #virtual-ap <vap-name>
(host) (ap-group "group-name") #exit
Explanation: Assigns a Virtual AP profile to an AP group. Use Case: Deploying an SSID to a set of APs.
VLAN Configuration
| Command (AOS 8/10) | Description | Example |
|---|---|---|
interface vlan <ID> | Creates or enters VLAN interface configuration. | interface vlan 10 |
ip address <IP> <NETMASK> | Assigns an IP address to the VLAN interface (for controller/gateway). | ip address 10.0.10.1 255.255.255.0 |
description <text> | Adds a description to the VLAN. | description "Corporate Users" |
ip dhcp-server <pool-name> | Configures a DHCP server on the VLAN interface. | ip dhcp-server corp-pool |
Example: Configure VLAN Interface with DHCP
(host) (config) #interface vlan 10
(host) (config-if) #ip address 10.0.10.1 255.255.255.0
(host) (config-if) #description "Corporate User VLAN"
(host) (config-if) #ip dhcp-server corp-pool
(host) (config-if) #exit
// DHCP Pool Configuration
(host) (config) #ip dhcp pool corp-pool
(host) (dhcp-pool "corp-pool") #network 10.0.10.0 255.255.255.0
(host) (dhcp-pool "corp-pool") #default-router 10.0.10.1
(host) (dhcp-pool "corp-pool") #dns-server 8.8.8.8
(host) (dhcp-pool "corp-pool") #lease 0 8 0
(host) (dhcp-pool "corp-pool") #exit
4. Authentication Methods (PSK, 802.1X, RADIUS)
Pre-Shared Key (PSK)
Configured directly in the wlan ssid-profile as shown above. Simple for small networks or guest access.
RADIUS Server Configuration
| Command (AOS 8/10) | Description | Example |
|---|---|---|
aaa authentication-server radius <name> | Creates/edits a RADIUS server definition. | aaa authentication-server radius clearpass-server |
host <IP> | Specifies the RADIUS server IP address. | host 192.168.1.10 |
key <SHARED_SECRET> | Sets the shared secret key. | key "MyRadiusSecret" |
auth-port <port> | Sets the authentication port (default 1812). | auth-port 1812 |
acct-port <port> | Sets the accounting port (default 1813). | acct-port 1813 |
timeout <seconds> | Sets the RADIUS timeout. | timeout 5 |
retries <count> | Sets the number of retries. | retries 3 |
Example: Configure RADIUS Server
(host) (config) #aaa authentication-server radius clearpass-server
(host) (RADIUS Server "clearpass-server") #host 192.168.1.10
(host) (RADIUS Server "clearpass-server") #key "MyRadiusSecret"
(host) (RADIUS Server "clearpass-server") #exit
RADIUS Server Group
Groups multiple RADIUS servers for failover and load balancing.
(host) (config) #aaa server-group <name>
(host) (Server Group "name") #auth-server <radius-server-name>
(host) (Server Group "name") #exit
Example: Create a RADIUS Server Group
(host) (config) #aaa server-group corp-radius-group
(host) (Server Group "corp-radius-group") #auth-server clearpass-server
(host) (Server Group "corp-radius-group") #exit
AAA Profile (Authentication, Authorization, Accounting)
The AAA profile defines how clients are authenticated and what policies apply.
| Command (AOS 8/10) | Description | Example |
|---|---|---|
aaa profile <name> | Creates/edits an AAA profile. | aaa profile corp-aaa-profile |
authentication-dot1x <server-group> | Specifies the 802.1X authentication server group. | authentication-dot1x corp-radius-group |
initial-role <role-name> | Assigns an initial role to clients before authentication. | initial-role guest-logon |
l2-auth-fail-vlan <VLAN_ID> | VLAN for clients failing L2 authentication. | l2-auth-fail-vlan 99 |
mac-authentication-server-group <group> | Server group for MAC authentication. | mac-authentication-server-group mac-auth-group |
Example: Corporate AAA Profile with 802.1X
(host) (config) #aaa profile corp-aaa-profile
(host) (AAA Profile "corp-aaa-profile") #authentication-dot1x corp-radius-group
(host) (AAA Profile "corp-aaa-profile") #initial-role guest-logon // Or a default unauthenticated role
(host) (AAA Profile "corp-aaa-profile") #exit
5. Roles and Policies
Roles define client permissions (firewall rules, VLANs, bandwidth). Policies are collections of rules.
User Role Configuration
| Command (AOS 8/10) | Description | Example |
|---|---|---|
user-role <name> | Creates/edits a user role. | user-role employee-role |
vlan <ID> | Assigns a VLAN to clients in this role. | vlan 20 |
access-list session <ACL_NAME> | Applies a session ACL (firewall policy). | access-list session corp-access-policy |
bw-contract <profile> | Applies a bandwidth contract profile. | bw-contract 5mbps-down |
captive-portal <profile> | Applies a captive portal profile. | captive-portal guest-cp |
Example: Employee Role with VLAN and ACL
(host) (config) #user-role employee-role
(host) (user-role "employee-role") #vlan 20
(host) (user-role "employee-role") #access-list session corp-access-policy
(host) (user-role "employee-role") #exit
Session Access List (ACL) Configuration
ACLs define network traffic rules (permit/deny).
(host) (config) #ip access-list session corp-access-policy
(host) (config-acl) #alias "corp-network" 10.0.0.0 255.255.0.0 // Define network alias
(host) (config-acl) #permit ip any alias corp-network
(host) (config-acl) #deny ip any any
(host) (config-acl) #exit
Explanation: Permits all IP traffic from any source to the corporate network (10.0.0.0/16) and denies all other traffic. Use Case: Restricting client access based on their role.
Role Derivation (RADIUS Attributes)
RADIUS servers (e.g., ClearPass) can return Aruba-specific attributes to assign roles and VLANs dynamically.
RADIUS Attribute Example (ClearPass):
- Aruba-User-Role:
employee-role - Aruba-Essid-Name:
Corporate-802.1X(if specific role per SSID) - Tunnel-Private-Group-ID:
20(VLAN ID)
Explanation: When a client authenticates, the RADIUS server sends back these attributes, and the controller/gateway assigns the specified user-role and vlan.
6. RF Optimization
Aruba’s RF management features (ARM, AirMatch) automatically optimize channel and power settings.
Radio Profile Configuration
| Command (AOS 8/10) | Description | Example |
|---|---|---|
rf dot11a-radio-profile <name> | Configures 5GHz radio settings. | rf dot11a-radio-profile corp-5ghz |
rf dot11g-radio-profile <name> | Configures 2.4GHz radio settings. | rf dot11g-radio-profile corp-2.4ghz |
min-tx-power <dbm> | Sets minimum transmit power. | min-tx-power 9 |
max-tx-power <dbm> | Sets maximum transmit power. | max-tx-power 18 |
min-eirp <dbm> | Sets minimum EIRP (effective isotropic radiated power). | min-eirp 9 |
max-eirp <dbm> | Sets maximum EIRP. | max-eirp 18 |
channel <channel_list> | Specifies allowed channels (e.g., 36,40,44,48). | channel 36,40,44,48 |
no spectrum-monitoring | Disables spectrum analysis (if enabled). | no spectrum-monitoring |
Example: 5GHz Radio Profile
(host) (config) #rf dot11a-radio-profile corp-5ghz
(host) (dot11a-radio-profile "corp-5ghz") #min-tx-power 9
(host) (dot11a-radio-profile "corp-5ghz") #max-tx-power 18
(host) (dot11a-radio-profile "corp-5ghz") #channel 36,40,44,48,149,153,157,161
(host) (dot11a-radio-profile "corp-5ghz") #exit
RF Management Profile (ARM/AirMatch)
AOS 8 (ARM - Adaptive Radio Management)
(host) (config) #rf arm-profile <name>
(host) (arm-profile "name") #assignment <mode> // e.g., "automatic"
(host) (arm-profile "name") #min-tx-power <dbm>
(host) (arm-profile "name") #max-tx-power <dbm>
(host) (arm-profile "name") #exit
AOS 8 (AirMatch - Centralized RF Management) AirMatch is the default and recommended RF management solution for AOS 8.x. It’s configured on the Mobility Master.
// On Mobility Master
(MM) (config) #airmatch profile default
(MM) (AirMatch Profile "default") #optimization-interval 24h // Daily optimization
(MM) (AirMatch Profile "default") #exit
Explanation: AirMatch dynamically optimizes channel and power settings across the entire network.
AOS 10 (Aruba Central) RF optimization is primarily managed via Aruba Central GUI. Navigate to Groups > {Group Name} > Configuration > Radios. Here you can set global or per-AP radio profiles, enable/disable ARM, and configure channel/power ranges.
AP System Profile
Links radio profiles to APs.
(host) (config) #ap system-profile <name>
(host) (AP system profile "name") #dot11a-radio-profile <5ghz-profile>
(host) (AP system profile "name") #dot11g-radio-profile <2.4ghz-profile>
(host) (AP system profile "name") #exit
7. Roaming Optimization
Aruba supports various standards and features to optimize client roaming.
Fast Roaming Standards
- 802.11k (Neighbor Report): APs provide clients with a list of neighboring APs, helping clients choose the best AP faster.
- 802.11v (BSS Transition Management): APs can advise clients to roam to a better AP, or even disconnect poorly connected clients.
- 802.11r (Fast BSS Transition): Reduces the number of frames required for re-authentication when roaming between APs, significantly speeding up roaming for 802.1X clients.
Configuration (part of wlan ssid-profile):
(host) (config) #wlan ssid-profile corp-dot1x-ssid
(host) (ssid-profile "corp-dot1x-ssid") #ft-enable // Enables 802.11r (Fast BSS Transition)
(host) (ssid-profile "corp-dot1x-ssid") #dot11k-enable // Enables 802.11k
(host) (ssid-profile "corp-dot1x-ssid") #dot11v-enable // Enables 802.11v
(host) (ssid-profile "corp-dot1x-ssid") #exit
Explanation: These features enhance client roaming experience, especially for voice and video applications.
Client Match (AOS 8/10)
Explanation: Aruba’s ClientMatch technology continuously monitors client and AP performance, steering sticky clients to better APs and balancing clients across available radios. This is a critical feature for high-density environments.
Configuration (part of rf arm-profile or rf airmatch-profile in AOS 8, or via Central in AOS 10):
Client Match is often enabled by default or within the ARM/AirMatch profiles.
// AOS 8 example (within ARM profile)
(host) (config) #rf arm-profile default
(host) (arm-profile "default") #client-match enable
(host) (arm-profile "default") #exit
Use Case: Prevents “sticky client” issues where clients remain associated with a distant AP despite closer, stronger options.
8. Security Features
Beyond authentication, Aruba offers robust security features.
Firewall Policies (Session ACLs)
As shown in the “Roles and Policies” section, session ACLs are fundamental for controlling client traffic.
Rogue AP Detection and Containment
Aruba APs can act as sensors to detect rogue APs (unauthorized APs in the network) and perform containment.
(host) (config) #ap system-profile default
(host) (AP system profile "default") #rogue-ap-detection-enable
(host) (AP system profile "default") #rogue-ap-containment-enable
(host) (AP system profile "default") #exit
Explanation: Helps secure the wireless airspace by identifying and neutralizing threats from unauthorized APs.
Dynamic Segmentation (AOS 8/10)
Explanation: Enforces granular, user-role-based policies at the edge of the network, ensuring that users and devices only have access to the resources they need, regardless of location or connection method. This is achieved by integrating with policy engines like ClearPass.
Key Components:
- User Roles: Define access privileges.
- Firewall Policies: Applied based on roles.
- VLAN Derivation: Dynamically assigns VLANs.
- Policy Enforcement Firewall (PEF): Aruba’s stateful firewall on controllers/gateways.
WPA3 and Enhanced Open
Explanation: WPA3 is the latest generation of Wi-Fi security, offering stronger encryption and protection against brute-force attacks. Enhanced Open (OWE) provides opportunistic encryption for open networks, improving privacy.
Configuration (part of wlan ssid-profile):
(host) (config) #wlan ssid-profile guest-open
(host) (ssid-profile "guest-open") #essid "Guest-OWE"
(host) (ssid-profile "guest-open") #opmode owe
(host) (ssid-profile "guest-open") #exit
(host) (config) #wlan ssid-profile corp-wpa3
(host) (ssid-profile "corp-wpa3") #essid "Corporate-WPA3"
(host) (ssid-profile "corp-wpa3") #opmode wpa3-sae-aes // For WPA3-Personal
(host) (ssid-profile "corp-wpa3") #dot1x // For WPA3-Enterprise
(host) (ssid-profile "corp-wpa3") #exit
9. Troubleshooting Workflows
General Troubleshooting Commands
| Command (AOS 8/10) | Description | Example |
|---|---|---|
show log all | Displays all system logs. | `show log all |
show log wireless | Displays wireless-specific logs. | `show log wireless |
show log security | Displays security-related logs. | show log security |
show aaa authentication-server radius <name> statistics | Shows RADIUS server statistics. | show aaa authentication-server radius clearpass-server statistics |
show datapath session table <client_IP> | Displays firewall sessions for a specific client. | show datapath session table 10.0.20.5 |
show datapath session table | Displays all active firewall sessions. | show datapath session table |
show ap debug client-table | Shows client information on APs. | show ap debug client-table |
show user-table | Lists all connected wireless clients and their roles. | show user-table |
show user <client_MAC> | Detailed information for a specific client. | show user 00:11:22:33:44:55 |
show auth-tracebuf | Displays authentication trace buffer (AOS 8). | show auth-tracebuf |
show auth-tracebuf <MAC> | Displays authentication trace for a specific client (AOS 8). | show auth-tracebuf 00:11:22:33:44:55 |
show ap arm history | Shows ARM decisions for APs. | show ap arm history |
show airmatch debug | Shows AirMatch debug info (AOS 8 MM). | show airmatch debug |
show interface <interface_name> status | Shows status of a specific interface. | show interface gigabitethernet 0/0/0 status |
Client Connectivity Troubleshooting Workflow
Verify Client Status:
show user-table(Is the client listed? What’s its role, VLAN, IP?)show user <client_MAC>(Detailed status, authentication method, associated AP).show ap debug client-table ap-name <AP_NAME>(Is the client seen by the AP?)
Check Authentication:
show log wireless | include <client_MAC>(Look for authentication failures).show auth-tracebuf <client_MAC>(AOS 8: Detailed authentication steps).- Check RADIUS server logs (e.g., ClearPass Access Tracker).
show aaa authentication-server radius <server_name> statistics(Are requests reaching the RADIUS server?).
Verify IP Assignment:
- Is the client getting an IP address? From which DHCP server?
show ip dhcp binding(If controller/gateway is DHCP server).show datapath session table <client_IP>(Is traffic flowing?).
Check Role and Policies:
show user <client_MAC>(What role is assigned?).show user-role <role_name>(Review the ACLs and VLAN assigned to the role).show ip access-list session <ACL_NAME>(Verify firewall rules).
AP and RF Health:
show ap active(Is the AP up and broadcasting the SSID?).show ap debug driver-log ap-name <AP_NAME>(Check AP radio logs).show ap arm history(Check for channel/power changes).show ap radio-summary(Check channel utilization, noise).
Network Connectivity:
ping <client_IP>from controller/gateway.ping <gateway_IP>from client.show ip route(Verify routing).
Common Issues & Quick Fixes
| Issue | Description | Quick Fix / Verification |
|---|---|---|
| Client not connecting | Incorrect PSK, RADIUS server unreachable, wrong VLAN. | Verify PSK, check RADIUS server status, show auth-tracebuf. |
| Client connected, no IP | DHCP issue, wrong VLAN, DHCP server unreachable. | show user <MAC> for VLAN, show ip dhcp binding, check DHCP server. |
| Client connected, no internet | Firewall policy blocking, routing issue, DNS issue. | show datapath session table <IP>, show ip route, ping 8.8.8.8. |
| Poor Wi-Fi performance | RF interference, high channel utilization, sticky client. | show ap radio-summary, show ap arm history, check ClientMatch. |
| AP not coming up | Incorrect provisioning, network connectivity issue to controller/gateway, wrong firmware. | show ap database long, show log ap-debug, check network path. |
| AOS 10 Gateway offline in Central | Connectivity to Central, firewall blocking. | show aruba-central, ping activate.arubanetworks.com, check firewall rules. |
10. Common Patterns & Best Practices
Secure WLAN Deployment (802.1X with Dynamic Segmentation)
- Configure RADIUS Servers: Define primary and secondary RADIUS servers.
- Create RADIUS Server Group: Group servers for failover.
- Define User Roles: Create roles (e.g.,
employee,guest,iot) with specific VLANs and firewall policies. - Configure AAA Profile: Link the RADIUS server group and define initial/default roles.
- Create SSID Profile: Enable 802.1X, WPA2-Enterprise (or WPA3-Enterprise), and fast roaming features (802.11k/v/r).
- Create Virtual AP Profile: Link the SSID and AAA profiles.
- Apply to AP Group: Assign the Virtual AP to the appropriate AP group.
- RADIUS Server (e.g., ClearPass) Configuration: Configure service policies to return
Aruba-User-RoleandTunnel-Private-Group-ID(VLAN) based on user/device attributes.
Guest Access with Captive Portal
- Configure Captive Portal Profile: Define authentication method (internal, external), login page, and pre/post-authentication roles.
- Create Guest User Role: Minimal access (DNS, DHCP, HTTP/HTTPS to captive portal, then internet access).
- Create Guest SSID Profile: Open or OWE, link to guest AAA profile.
- Create Guest AAA Profile: Initial role is the guest user role, pointing to the captive portal profile.
- Create Guest Virtual AP: Link guest SSID and AAA profiles.
- Apply to AP Group.
AP Provisioning (AOS 8)
- Zero Touch Provisioning (ZTP): APs discover the Mobility Controller/Master via DHCP options (43/60), DNS, or broadcast.
- Manual Provisioning:
(MM) (config) #ap-name <AP_NAME> ap-group <AP_GROUP> (MM) (config) #ap-name <AP_NAME> ip-address <AP_IP> // If static IP (MM) (config) #ap-name <AP_NAME> ap-specific-profile system <AP_SYSTEM_PROFILE> (MM) (config) #ap-name <AP_NAME> ap-specific-profile ethernet-interface <ETH_PROFILE>
Gateway Provisioning (AOS 10 via Aruba Central)
- Onboard Gateway to Aruba Central: Register the Gateway’s serial number and MAC address in Central.
- Assign to Group: Place the Gateway into a Central group.
- Configure Group: All configurations (SSIDs, VLANs, roles, RF) are done at the group level in Central’s GUI.
- Gateway Connects: The Gateway downloads its configuration from Central.
11. Tips & Tricks
show running-config: Always use this to see the current active configuration.write memory: Don’t forget to save your changes!clear log all: Useful before starting a new troubleshooting session.logging level debugging: Use with caution in production, but invaluable for deep dives. Remember to revert.debug client <MAC>: Target specific client issues.- Aruba Central Audit Trail: For AOS 10, Central’s audit trail is your best friend for tracking configuration changes.
- Airheads Community: An excellent resource for questions and solutions.
- Documentation: Always refer to the official HPE Aruba Networking documentation for detailed information specific to your exact AOS version.
12. Version Information
- AOS 8: Current stable versions typically range from 8.10.x.x.
- AOS 10: Current stable versions typically range from 10.5.x.x.
- Aruba Central: Cloud-based, continuously updated.
- As of 2025-12-30: This cheatsheet assumes the general architectural principles and CLI syntax remain consistent with the latest stable releases around this date. Minor command variations may exist in specific point releases. Always consult official release notes for critical updates.
References
- HPE Aruba Networking Official Documentation
- Aruba Airheads Community
- ArubaOS 8.x CLI Reference Guide
- Planning Aruba AOS 8 to AOS 10 Migration Guide
Transparency Note
This cheatsheet was generated by an AI expert based on publicly available documentation and common industry practices for Aruba Wireless AOS 8 and AOS 10. While efforts have been made to ensure accuracy and currency as of December 2025, specific commands, features, or best practices may vary slightly with different hardware models, software versions, or unique network configurations. Always consult official HPE Aruba Networking documentation for the most authoritative and up-to-date information.